The Internet Archive is currently under attack from hacker groups. And, it seems these bad actors have been able to access sensitive data for millions of the Internet Archive's users.

The non-profit Internet Archive, which keeps archived versions of digital media including websites via The Wayback Machine, has been suffering from distributed denial of service (DDoS) attacks sincethe beginningof the week. These attacks have resulted in prolonged inaccessibility.

Tweet may have been deleted

"@internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability," posted Internet Archive digital librarian Brewster Kahle on his X account.

However, the DDoS attacks aren't the only thing the Internet Archive has to worry about. It appears that the Internet Archive has been unable to keep at least some of its data safe as it undergoes attacks from threat actors. 

SEE ALSO: Internet Archive loses first ruling in copyright lawsuit

Emails, screen names, and encrypted passwords for 31 million Internet Archive users have been stolen in a data breach. At this time, it's unclear if the data breach and the DDoS attacks are related.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Internet Archive hacked

Along with the downtime related to the DDoS attacks, social media users began noticinga pop-up prompt on the Internet Archive's website on Wednesday.

Tweet may have been deleted

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?" read the prompt. "It just happened. See 31 million of you on HIBP!"

HIBP refers to the website Have I Been Pwned, a website that notifies users if their data was involved in a data breach.

According to Bleeping Computer, Have I Been Pwned founder Troy Hunt confirmed to the outlet that they had received a 6.4GB SQL database file which includes users' "email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data."

---

Related Stories

---

• Over 200,000 Comcast customers affected in data breach: Names, IDs, Social Security numbers exposed
• 23andMe breach victims to benefit from multi-million dollar settlement
• Hackers steal nearly 1.7 million credit card numbers in breach

Hunt has been able to confirm the legitimacy of the data. Based on the timestamp on the hacked information, it appears that it was likely stolen on September 28, 2024. Hunt said that he contacted the Internet Archive before loading the data into the Have I Been Pwned service. He has not yet heard back.

A group known as SN-Blackmeta has claimedresponsibility for the DDoS attack. Again, its unclear if they are involved in the data breach. The group saidthat it carried out the DDoS attack because of the United States' support for Israel and that the Internet Archive "belongs to the USA." Many social media users were quick to point out that the Internet Archive is an independent non-profit organization and is not affiliated with the U.S. government.

Mashable has reached out to the Internet Archive for more information on the attacks and will update this post when we hear back.